 

Difference between kubectl port-forwarding and proxy

Tags:

kubernetes

kubectl proxy and kubectl port-forwarding look similar and are sometimes confusing to me. I'm wondering about their differences and their own use cases.

Dagang asked Oct 13 '19 03:10




1 Answer

As mentioned in "How kubectl port-forward works?"

kubectl port-forward forwards connections to a local port to a port on a pod.

Compared to kubectl proxy, kubectl port-forward is more generic as it can forward TCP traffic while kubectl proxy can only forward HTTP traffic.

As an example, see "Kubernetes port forwarding simple like never before" from Alex Barashkov:

Port forwarding is mostly used for the purpose of getting access to internal cluster resources and debugging.

How does it work?

Generally speaking, using port forwarding you could get on your ‘localhost’ any services launched in your cluster.
For example, if you have Redis installed in the cluster on 6379, by using a command like this:

kubectl port-forward redis-master-765d459796-258hz 7000:6379

you could forward Redis from the cluster to localhost:7000, access it locally and do whatever you want to do with it.

For limited HTTP access, see kubectl proxy, and, as an example, "On Securing the Kubernetes Dashboard" from Joe Beda:

The easiest and most common way to access the cluster is through kubectl proxy. This creates a local web server that securely proxies data to the dashboard through the Kubernetes API server.

As shown in "A Step-By-Step Guide To Install & Use Kubernetes Dashboard" from Awanish:

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Accessing Dashboard using the kubectl

kubectl proxy

It will run a proxy server between your machine and the Kubernetes API server.

Now, to view the dashboard in the browser, navigate to the following address in the browser of your Master VM:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
VonC answered Sep 24 '22 07:09
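
Added example, not part of the original answer: both commands above open a listener on the workstation, bound to loopback by default, and this Python check audits kubectl command lines (for instance from shell history) for flags that widen that exposure. The function names are hypothetical, and the last two sample lines are constructed; the first two come from the answer.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
TAKES_VALUE = {"--address", "--port", "-p", "--accept-hosts", "--namespace", "-n"}

def split_args(args):
    """Separate flags (as a dict) from positional arguments."""
    flags, positional, it = {}, [], iter(args)
    for arg in it:
        name, eq, value = arg.partition("=")
        if not arg.startswith("-"):
            positional.append(arg)
        elif eq or name not in TAKES_VALUE:
            flags[name] = value if eq else True   # --flag=value or bare boolean
        else:
            flags[name] = next(it, "")            # --flag value
    return flags, positional

def audit(cmdline):
    """Return (subcommand, listen addresses, findings), or None if not relevant."""
    argv = shlex.split(cmdline)
    flags, positional = split_args(argv[1:])
    if argv[:1] != ["kubectl"] or positional[:1] not in (["proxy"], ["port-forward"]):
        return None
    kind = positional[0]
    default = "127.0.0.1" if kind == "proxy" else "localhost"  # documented defaults
    addresses = flags.get("--address", default).split(",")
    findings = []
    exposed = [a for a in addresses if a not in LOOPBACK]
    if exposed:
        target = ("the API server under this user's credentials"
                  if kind == "proxy" else "the forwarded pod port")
        findings.append(f"listener on {','.join(exposed)} exposes {target}")
    if kind == "proxy" and flags.get("--disable-filter") in (True, "true"):
        findings.append("--disable-filter turns off request filtering")
    if kind == "proxy" and "--accept-hosts" in flags:
        findings.append("--accept-hosts replaces the localhost-only Host filter")
    return kind, addresses, findings

# First two lines are from the answer; the last two are constructed samples.
SAMPLES = [
    "kubectl port-forward redis-master-765d459796-258hz 7000:6379",
    "kubectl proxy",
    "kubectl proxy --address=0.0.0.0 --accept-hosts='.*'",
    "kubectl port-forward --address localhost,0.0.0.0 svc/redis-master 7000:6379",
]

for line in SAMPLES:
    print(audit(line), "<-", line)
```

A finding for proxy matters more than one for port-forward: the proxy listener relays any HTTP request to the API server with the caller's credentials, while a forwarded port reaches only that one pod port.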